{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T12:30:55Z","timestamp":1766493055259,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,6,18]],"date-time":"2024-06-18T00:00:00Z","timestamp":1718668800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,6,18]]},"DOI":"10.1145\/3661167.3661279","type":"proceedings-article","created":{"date-parts":[[2024,6,14]],"date-time":"2024-06-14T12:24:25Z","timestamp":1718367865000},"page":"634-642","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["An Empirical Investigation of the Security Weaknesses in Open-Source Projects"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-1522-1147","authenticated-orcid":false,"given":"Haifa","family":"Al-Shammare","sequence":"first","affiliation":[{"name":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia and \rDigital Technical College for Girls, Technical and Vocational Training Corporation, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-6731-6245","authenticated-orcid":false,"given":"Nehal","family":"Al-Otaiby","sequence":"additional","affiliation":[{"name":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia and \rComputer Department, Deanship of Preparatory Year and Supporting Studies, Imam Abdulrahman Bin Faisal University, Saudi 
Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-3148-0077","authenticated-orcid":false,"given":"Muradi","family":"Al-Otabi","sequence":"additional","affiliation":[{"name":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7950-0099","authenticated-orcid":false,"given":"Mohammad","family":"Alshayeb","sequence":"additional","affiliation":[{"name":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,6,18]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Muhammad Ali Babar, and Christoph Treude","author":"Zahedi Mansooreh","year":"2018","unstructured":"Mansooreh Zahedi, Muhammad Ali Babar, and Christoph Treude. 2018. An empirical study of security issues posted in open source projects. (2018)"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3340338"},{"key":"e_1_3_2_1_3_1","first-page":"1","article-title":"Out of sight, out of mind? How vulnerable dependencies affect open-source projects","volume":"26","author":"Azriadi Prana Gede Artha","year":"2021","unstructured":"Gede Artha Azriadi Prana, Abhishek Sharma, Lwin Khin Shar, Darius Foo, Andrew E Santosa, Asankhaya Sharma, and David Lo. 2021. Out of sight, out of mind? How vulnerable dependencies affect open-source projects. Empirical Software Engineering 26 (2021), 1\u201334.","journal-title":"Empirical Software Engineering"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106267"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","unstructured":"hilpa V. Shankhpal and S.H. Brahmananda. 
2020. Design and Development of trust management scheme for the Internet of Things based on the optimization algorithm. In 2020 IEEE 9th International Conference on Communication Systems and Network Technologies (CSNT). 207\u2013211. https:\/\/doi.org\/10.1109\/CSNT48778.2020.9115784
\"GitHub: Where the world builds software.\" GitHub. [Online]. Available:\u00a0https:\/\/github.com\/"},{"key":"e_1_3_2_1_17_1","volume-title":"Goal question metric (gqm) approach. Encyclopedia of software engineering","author":"Solingen Rini Van","year":"2002","unstructured":"Rini Van Solingen, Vic Basili, Gianluigi Caldiera, and H Dieter Rombach. 2002. Goal question metric (gqm) approach. Encyclopedia of software engineering (2002)."},{"key":"e_1_3_2_1_18_1","unstructured":"PVS-Studio.\u00a0\"PVS-Studio is a static analyzer\u00a0on\u00a0guard\u00a0of\u00a0code quality security (SAST) and code safety.\"\u00a0[Online].\u00a0Available:https:\/\/pvsstudio.com\/en\/pvs-studio\/"},{"key":"e_1_3_2_1_19_1","volume-title":"Using distributed representation of code for bug detection. arXiv preprint arXiv:1911.12863","author":"Briem J\u00f3n Arnar","year":"2019","unstructured":"J\u00f3n Arnar Briem, Jordi Smit, Hendrig Sellik, and Pavel Rapoport. 2019. Using distributed representation of code for bug detection. arXiv preprint arXiv:1911.12863 (2019)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/IBCAST.2018.8312264"},{"key":"e_1_3_2_1_21_1","unstructured":"NIST.\u00a0\"Source Code Security Analyzers.\"\u00a0[Online]. Available:\u00a0https:\/\/www.nist.gov\/itl\/ssd\/software-quality-group\/sourcecode-security-analyzers\u00a0"},{"key":"e_1_3_2_1_22_1","unstructured":"PVS-Studio. 2021.\u00a0\u201cCWE Top 25 2021. What is it what is it for\u00a0and\u00a0how is it useful for static analysis?\u201d\u00a0Accessed: Nov. 27 2021. [Online]. Available:\u00a0https:\/\/pvs-studio.com\/en\/blog\/posts\/0869."},{"key":"e_1_3_2_1_23_1","volume-title":"security (SAST), and safety.\" Accessed","author":"PVS","year":"2024","unstructured":"\"PVS Studio is a solution to enhance code quality, security (SAST), and safety.\" Accessed: Apr. 17, 2024. [Online]. 
Available:\u00a0https:\/\/pvs-studio.com\/en\/"},{"key":"e_1_3_2_1_24_1","unstructured":"ohan Fisch and Carl Haglund. 2021. Using the SEI CERT Secure Coding Standard to Reduce Vulnerabilities."},{"volume-title":"IDENTIFYING TECHNICAL DEBT AND TOOLS FOR TECHNICAL DEBT MANAGEMENT IN SOFTWARE DEVELOPMENT. Ph. D. Dissertation","author":"Muratda\u011f\u0131 Tolga","key":"e_1_3_2_1_25_1","unstructured":"Tolga Muratda\u011f\u0131. 2024. IDENTIFYING TECHNICAL DEBT AND TOOLS FOR TECHNICAL DEBT MANAGEMENT IN SOFTWARE DEVELOPMENT. Ph. D. Dissertation. Middle East Technical University."},{"key":"e_1_3_2_1_26_1","volume-title":"Nov. 27","author":"The Software Quality Company TIOBE","year":"2021","unstructured":"index | TIOBE - The Software Quality Company.\u201d Accessed: Nov. 27, 2021. [Online]. Available:\u00a0https:\/\/www.tiobe.com\/tiobeindex\/"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Markus Zoppelt and Ramin Tavakoli Kolagari. 2019. SAM: A Security Abstraction Model for Automotive Software Systems. In Security and Safety Interplay of Intelligent Software Systems Brahim Hamid Barbara Gallina Asaf Shabtai Yuval Elovici and Joaquin Garcia-Alfaro (Eds.). Springer International Publishing Cham 59\u201374.","DOI":"10.1007\/978-3-030-16874-2_5"},{"key":"e_1_3_2_1_28_1","volume-title":"Accessed","author":"Languages Top Programming","year":"2021","unstructured":"Top Programming Languages 2021 - IEEE Spectrum.\u201d Accessed: Nov. 27, 2021. [Online]. Available: https:\/\/spectrum.ieee.org\/topprogramming-languages-2021"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/LRA.2021.3097250"},{"key":"e_1_3_2_1_30_1","first-page":"91","article-title":"Investigating Static Analyzers Detection Capabilities on Ethereum Smart Contracts","volume":"55","author":"Staderini Mirko","year":"2021","unstructured":"Mirko Staderini and Andrea Bondavalli. 2021. Investigating Static Analyzers Detection Capabilities on Ethereum Smart Contracts. 
Stat 55 (2021), 91","journal-title":"Stat"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/iSCI50694.2020.00021"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2019.00040"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/IBCAST.2018.8312265"},{"key":"e_1_3_2_1_34_1","unstructured":"Tosin Daniel Oyetoyan and Marcos Chaim. 2017. Comparing capability of static analysis tools to detect security weaknesses in mobile applications. (2017)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3120349"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.3023664"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.53735\/cisse.v11i1.179"},{"key":"e_1_3_2_1_38_1","unstructured":"Seong-Kyun Mok and Eun-Sun Cho. 2023. L4 Pointer: An efficient pointer extension for spatial memory safety support without hardware extension. arXiv preprint arXiv:2302.06819 (2023)"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-023-10398-5"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1002\/spy2.95"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP58684.2023.00032"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEET52601.2021.00019"}],"event":{"name":"EASE 2024: 28th International Conference on Evaluation and Assessment in Software Engineering","acronym":"EASE 2024","location":"Salerno Italy"},"container-title":["Proceedings of the 28th International Conference on Evaluation and Assessment in Software 
Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3661167.3661279","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3661167.3661279","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T11:16:23Z","timestamp":1755861383000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3661167.3661279"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,18]]},"references-count":42,"alternative-id":["10.1145\/3661167.3661279","10.1145\/3661167"],"URL":"https:\/\/doi.org\/10.1145\/3661167.3661279","relation":{},"subject":[],"published":{"date-parts":[[2024,6,18]]},"assertion":[{"value":"2024-06-18","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}